From: "R'twick Niceorgaw"
To:
Date: Tue, 21 Jan 2003 11:48:16 -0500
Subject: Re: [users@httpd] how to block hackers ?
Message-ID: <006d01c2c16c$e950a380$4176d9d0@careinsite.com>
References: <001501c2c16b$8b36a1b0$55eaa8c0@gbjk1>

----- Original Message -----
From: "Gareth Kirwan"
To:
Sent: Tuesday, January 21, 2003 11:38 AM
Subject: RE: [users@httpd] how to block hackers ?

> Sorry for the top post.
>
> 1) Nobody should have access to your .ht* files.
> A default configuration in your httpd.conf is:
>
> Order allow,deny
> Deny from all
> Satisfy All
>
>
> 2) ../../etc/passwd: They shouldn't / can't access documents outside the
> directory structure of the site.
>
> 3) For general blocking just use
> Order allow,deny
> Allow from all
> Deny from x.x.x.x
> [ Though Order might be the other way round, but I'm fairly sure that's
> right ]
>

Thanks Gareth,
my server didn't allow access to .htaccess or any files outside the document root. So, I think my setup is ok (still learning).
Deny from x.x.x.x requires me to manually edit the file and restart apache and is good for just that ip. I'm sure a hacker will change his ip address next time he attacks.
So, what I was looking for is some means so that apache will automatically block an IP if it meets certain criteria in the request string or if there's been a very high volume of requests from one site in a certain amount of time.

R'twick
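
The two criteria asked for above (a suspicious request string, or a high request volume from one address in a short time) can be evaluated outside Apache by scanning the access log and generating the `Deny from` lines. The following is an added example, not part of the original messages; it assumes Common Log Format, and the sample log lines, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import unquote

# Constructed sample access-log lines in Common Log Format (not from the thread).
SAMPLE_LOG = """\
192.0.2.10 - - [21/Jan/2003:11:40:01 -0500] "GET /index.html HTTP/1.0" 200 1043
198.51.100.7 - - [21/Jan/2003:11:40:02 -0500] "GET /../../etc/passwd HTTP/1.0" 400 299
203.0.113.5 - - [21/Jan/2003:11:40:03 -0500] "GET /a HTTP/1.0" 200 10
203.0.113.5 - - [21/Jan/2003:11:40:04 -0500] "GET /b HTTP/1.0" 200 10
203.0.113.5 - - [21/Jan/2003:11:40:05 -0500] "GET /c HTTP/1.0" 200 10
192.0.2.10 - - [21/Jan/2003:11:45:00 -0500] "GET /docs/.htaccess HTTP/1.0" 403 285
192.0.2.44 - - [21/Jan/2003:11:46:00 -0500] "GET /about.html HTTP/1.0" 200 512
"""

CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)"')
# Request-string criteria taken from the thread: ../ traversal and .ht* probes.
BAD_REQUEST = re.compile(r'\.\./|/\.ht', re.IGNORECASE)

def find_offenders(log_text, max_hits=3, window=timedelta(seconds=10)):
    """Return {ip: reason} for IPs that sent a matching request string or
    reached max_hits requests inside a sliding window of the given length."""
    offenders = {}
    recent = defaultdict(deque)           # ip -> timestamps still in the window
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue                      # skip malformed lines
        ip, stamp, request = m.groups()
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        # Decode %2e%2e-style encodings before matching the pattern.
        if BAD_REQUEST.search(unquote(request)):
            offenders.setdefault(ip, "pattern")
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:       # drop timestamps older than the window
            q.popleft()
        if len(q) >= max_hits:
            offenders.setdefault(ip, "rate")
    return offenders

def deny_lines(offenders):
    """Render the offenders as 'Deny from' directives, sorted for stable output."""
    return [f"Deny from {ip}" for ip in sorted(offenders)]

if __name__ == "__main__":
    print("\n".join(deny_lines(find_offenders(SAMPLE_LOG))))
```

The generated lines belong after `Allow from all` in the `Order allow,deny` block quoted above, and Apache still has to re-read its configuration to apply them. Blocking by address also affects every client behind the same proxy or NAT, so the rate threshold needs to be set with that in mind.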